Europe exposes its stiff data protection law this week

Time for Facebook, Google et al to lobby hard

Common Topics

Stringent proposals for the revision of Europe's outdated 1995 data protection law are to be revealed by officials this coming Wednesday.

The European Commission's vice-president Viviane Reding said in a speech in Germany on Saturday that the new regulation on handling sensitive data will, among other things, require internet firms to admit breaches of the rules within 24 hours of their occurrences.

The justice commissioner previously told this reporter that the so-called "right to be forgotten" would form a central part of the proposed reform of the DP law, which is expected to be policed on a national level by relevant data protection authorities if the bill is passed in Brussels.

Reding said that internet outfits that collect and retain data about their customers will be required to explain why it is necessary to hold such information on their databases.

As The Register has previously reported, the proposed revision to Europe's 17-year-old data protection regulation will include the "right to 'data portability'", which Reding described as "an essential element of the legislative reform".

According to the Financial Times, which has seen a draft of the proposals, internet companies could be fined up to 2 per cent of their global turnover if they are found to have violated the new data protection rules.

However, legislative reform of the EU's current data protection rules could take more than a year to complete - the proposed bill must wind its way through the European Parliament and the Council of Ministers before the union's 27 nations are required to splice the regulations into their own law books, which could yet meet fierce opposition.

In the UK, for example, the reform has been seen by Justice Secretary Ken Clarke as a dangerous move with the potential to compromise freedoms and security. Last year he lambasted Reding's "one size fits all" approach and said that "imposing a single, inflexible, codified data protection regime on the whole of the European Union, regardless of the different cultures and different legal systems, carries with it serious risks". ®